Re: [I2nsf] Requests for Comments on I2NSF WG Re-chartering Text
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Fri, 18 December 2020 14:00 UTC
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Fri, 18 Dec 2020 22:59:23 +0900
Message-ID: <CAPK2DexubwzDBJVdBfQNmqBnvBHFFsG9CBR0zamSNQ0KxcsyGg@mail.gmail.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>, Yoav Nir <ynir.ietf@gmail.com>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, Roman Danyliw <rdd@cert.org>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/_h5j2nIQz0O8PF47kXp3Pkw17lQ>
Hi Linda and Yoav,

For I2NSF Capability YANG Data Model Draft (draft-ietf-i2nsf-capability-data-model-13), I need more time to finish the revision for the IESG and Tsvart.
I will try to finish the revision by December 24, 2020.

At the end of the fall semester, I am overloaded with my university work.

Thanks for your considerations.

Best Regards,
Paul

On Fri, Dec 11, 2020 at 12:26 AM Linda Dunbar <linda.dunbar@futurewei.com> wrote:

> Paul,
>
> Thank you very much for the update.
> The schedule looks very good.
>
> Linda
>
> *From:* Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com>
> *Sent:* Wednesday, December 9, 2020 8:40 PM
> *To:* i2nsf@ietf.org
> *Cc:* Roman Danyliw <rdd@cert.org>; Linda Dunbar <linda.dunbar@futurewei.com>; Yoav Nir <ynir.ietf@gmail.com>; skku-iotlab-members <skku-iotlab-members@googlegroups.com>; Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com>
> *Subject:* Re: Requests for Comments on I2NSF WG Re-chartering Text
>
> Hi I2NSF WG,
>
> I have the schedule to submit our I2NSF YANG Data Model Drafts to the IESG as follows.
>
> o I2NSF Capability YANG Data Model Draft
>   (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-capability-data-model/)
>   - The revised draft for the IESG's and Tsvart's reviews will be submitted on December 18, 2020.
>
> o I2NSF NSF-Facing Interface YANG Data Model Draft
>   (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-facing-interface-dm/)
>   - The revised draft for our AD Roman's review will be submitted on January 18, 2021.
>
> o I2NSF Consumer-Facing Interface YANG Data Model Draft
>   (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-consumer-facing-interface-dm/)
>   - The draft will be submitted to the IESG for our AD's review on January 25, 2021.
>
> o I2NSF NSF Monitoring Interface YANG Data Model Draft
>   (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-monitoring-data-model/)
>   - The revised draft for the 1st YANG Doctor review will be submitted to the YANG Doctor on January 31, 2021.
>
> o I2NSF Registration Interface YANG Data Model Draft
>   (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-registration-interface-dm/)
>   - The draft will be submitted to the IESG for our AD's review on February 15, 2021.
>
> Thanks.
>
> Best Regards,
> Paul
>
> On Thu, Dec 10, 2020 at 11:16 AM Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com> wrote:
>
> Hi I2NSF WG,
>
> I2NSF WG chairs (Linda and Yoav) and members including Susan, Diego, and me had an online meeting for I2NSF WG Re-chartering Text on December 3, 2020.
>
> Could you read the following text and give us your comments on it?
>
> ------------------------------------------------------------------------
> <I2NSF WG Re-chartering Text>
>
> Interface to Network Security Functions (I2NSF) provides security function vendors, users, and operators with a standard framework and interfaces for cloud-based security services. I2NSF enables the enforcement of a high-level security policy, which is expressed according to a user's perspective of the target network. This security policy enforcement in I2NSF is a data-driven approach using NETCONF/YANG or RESTCONF/YANG, where a security policy is constructed based on a YANG data model.
>
> The I2NSF framework consists of four components such as I2NSF User, Security Controller, Network Security Function (NSF), and Developer's Management System (DMS). The I2NSF User specifies a high-level security policy for a target network. The Security Controller is aware of the capabilities of the attached NSFs, using them to build the security service(s) satisfying the policy expressed by the I2NSF User. An NSF provides a set of specific security capabilities (e.g., firewalling, web filtering, packet inspection, and DDoS-attack mitigation), applying security policy rules. The DMS registers the capabilities of an NSF with the Security Controller.
>
> The I2NSF framework has four interfaces such as Consumer-Facing Interface, NSF-Facing Interface, Registration Interface, and Monitoring Interface. Consumer-Facing Interface is used to deliver high-level security policies from the I2NSF User to the Security Controller. NSF-Facing Interface is used to deliver low-level security policies from the Security Controller to an NSF. The Registration Interface is used to register the capabilities of an NSF with the Security Controller. The Monitoring Interface is used to collect monitoring data from an NSF.
>
> The goal of I2NSF is to define a set of software interfaces and data models of such interfaces for configuring, maintaining, and monitoring NSFs in cloud environments, including NFV and edge deployments. For security management automation in an autonomous security system, I2NSF needs to have a feedback control loop consisting of security policy configuration in an NSF, monitoring for an NSF, data analysis for NSF monitoring data, feedback delivery, and security policy augmentation/generation. For this security management automation, the I2NSF framework requires a new component to collect NSF monitoring data and analyze them, which is called I2NSF Analyzer. Also, the I2NSF framework needs a new interface to deliver feedback messages for security policy adjustment from I2NSF Analyzer to Security Controller. A proper translation of the planned actions onto NSF capabilities requires a well-defined model for representing these actions.
>
> I2NSF is vulnerable to inside and supply chain attacks since it trusts NSF capability declarations as provided by DMS, assuming that NSFs work appropriately in all circumstances, as well as I2NSF User’s policy declarations and the actions of the Security Controller. The registration of NSF capabilities, the declaration of a security policy from either the I2NSF User or its enforcement by the Security Controller, and the monitoring data from an NSF are assumed to be genuine and non-malicious. If one of such activities is malicious, the security system based on I2NSF may collapse. To prevent this malicious activity from happening in the I2NSF framework or detect the root of a security attack, all the activities in the I2NSF framework should be logged in either a centralized or decentralized (e.g., blockchain) way. Also, the provenance and status of the I2NSF components (i.e., I2NSF User, Security Controller, NSF, DMS, and I2NSF Analyzer) need to be verified by remote attestation, leveraging the current results mostly focused on IT environments.
>
> Finally, the current YANG data models for the I2NSF interfaces are designed on the basis of NSFs implemented as virtual machines, and therefore they need to be redesigned for the case where I2NSF components are instantiated by containers.
>
> The I2NSF working group's deliverables include:
>
> o A single document for an extension of I2NSF framework for security management automation. This document will initially be produced for reference as a living list to track and record discussions: the working group may decide to not publish this document as an RFC.
> o A YANG data model document for I2NSF Application Interface to deliver feedback from I2NSF Analyzer to Security Controller.
> o A single document for applicability and use cases in I2NSF-based security management automation.
> o A single document for a framework for security policy translation to support the mapping between a high-level YANG module and a low-level YANG module: the working group may decide to not publish this document as an RFC. This document will apply the recommendations under discussion in NETMOD and OPSAWG on event modeling.
> o A single document for remote attestation for I2NSF components, based on the work of the RATS WG.
> o A single document for I2NSF on container deployments in a cloud native NFV architecture.
>
> --------------
> Milestones
>
> o July 2022: Adopt applicability and use cases in I2NSF-based security management automation as WG document
> o March 2022: Adopt I2NSF on container deployments in a cloud native NFV architecture as WG document
> o November 2021: Adopt a framework for security policy translation as WG document
> o July 2021: Adopt remote attestation for I2NSF components as WG document
> o July 2021: Adopt a YANG data model for I2NSF Application Interface as WG document
> o March 2021: Adopt an extension of I2NSF framework for security management automation as WG document
>
> ------------------------------------------------------------------------
>
> After submitting all the I2NSF YANG data model drafts, we will be able to work on the I2NSF WG re-chartering in earnest.
>
> Thanks.
>
> Best Regards,
> Paul
>
> --
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Associate Professor
> Department of Computer Science and Engineering
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php

--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Computer Science and Engineering
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>